mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-01-31 03:27:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make the pledge sandbox .so object work with UBSAN (#1290)

Browse source 
Currently, cosmopolitan's pledge sandbox .so shared object wrongly tries
to use a bunch of UBSAN symbols, which are not defined when outside of a
cosmopolitan-based context (save if the sandboxed binary also happens to
be itself using UBSAN, but that's obviously very commonly not the case).

Fix this by making it such that the sandbox .so shared object traps when
UBSAN is triggered, avoiding any attempt to call into the UBSAN runtime.
This commit is contained in:
Gabriel Ravier 2024-09-15 02:07:04 +02:00 committed by GitHub
parent ed1f992cb7
commit 19563d37c1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 3 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
tool/build/BUILD.mk
View file

@ -86,9 +86,11 @@ o/$(MODE)/tool/build/cocmd.zip.o: private \
# we need pic because:
# so it can be an LD_PRELOAD payload
# we need fsanitize-trap=all becuase:
# so we don't need to pull in the entire ubsan runtime
o/$(MODE)/tool/build/dso/sandbox.o: private \
CFLAGS += \
-fPIC
-fPIC -fsanitize-trap=all
o/$(MODE)/tool/build/dso/sandbox.o: \
libc/calls/calls.h \